3

Below is an example which fails. I have tried several ways of getting $arrayOfIds below into the correct syntax for the id IN (?) with no luck. If I do not query bind, it works.

Note: We are not using Active Record.

// this is actually being passed in as argument
$arrayOfIds = array('A0000-000000000001','B0000-000000000001','C0000-000000000001');  

$params = array();
array_push($params,1); // for the status
array_push($params, "'" . implode("','",$arrayOfIds) . "'"); // for the id in 

$sql = "SELECT name FROM my_table WHERE status = ? AND id IN (?) ";

$query = $this->db->query($sql,$params); 
5
  • Have you tried dumping your query using $this->db->last_query() after it's run to see what the SQL looks like? Commented Nov 3, 2013 at 22:17
  • well, I suppose it is just a typo from copying to here, but you are using $arrayOfIds above, then $companyEntityIds. Let's at least correct our post, then run $this->db->last_query() as Mathew Daly said Commented Nov 3, 2013 at 23:24
  • so, you edited your typo, but you didn't give us the useful info we need - what does your query now look like? Commented Nov 4, 2013 at 7:43
  • related: stackoverflow.com/questions/4854710/… Commented Nov 4, 2013 at 15:42
  • Quick follow-up: dumping the last_query showed the error. CI auto escapes bound query params. So was ending up with permutations like: IN ('\'A0000-000000000001,B0000-000000000001,C0000-000000000001'\'') -OR- ('\'A0000-000000000001\',\'B0000-000000000001\',\'C0000-000000000001\''). Commented Nov 4, 2013 at 17:40

2 Answers

6

You need to build the params array differently and add as many question marks as the size of arrayOfIds.

EDIT: The question marks are generated dynamically according to the array size.

$arrayOfIds = array('A0000-000000000001','B0000-000000000001','C0000-000000000001');  

$params = array();
array_push($params, 1);

$params = array_merge($params, $arrayOfIds);
$in_string = str_replace(' ', ',', trim(str_repeat("? ", count($arrayOfIds))));  

$sql = "SELECT name FROM my_table WHERE status = ? AND id IN (".$in_string.")";

$query = $this->db->query($sql, $params);

5 Comments

that's completely wrong. He is making his arrayOfIds into a single variable, and then trying to bind it. With your method, he would have to have a static number of array elements, which may not be true
Using his method Codeigniter is escaping the ticks making the query unusable. Using my answer, you can build the IN (?,?,...) with a simple loop over the array size.
This approach works very well and solved my problem. As noted in my comment above, CodeIgniter escapes each query bound item, which is nice; however, it leaves us with this challenge when passing lists. Your approach of creating a bind list variable for my list is great along with the merge to my params array.
you can also just tell it not to add the backticks
How can you do that and keep the query escaped?
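
The placeholder-per-id approach from the answer above, as an added example that is not part of the original posts: PDO with an in-memory SQLite database stands in for CodeIgniter's `$this->db` (an assumption, so it runs without the framework), `buildInQuery` and `fetchNames` are hypothetical helpers, and the rows are constructed sample data. It runs the question's single-placeholder binding next to the expanded form and also covers the empty-list case, where `IN ()` would be a syntax error.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for CodeIgniter's $this->db (assumption).
// Table and ids come from the question; the rows are constructed sample data.

// Hypothetical helper (not a CodeIgniter function): returns array($sql, $params).
function buildInQuery(array $ids, $status)
{
    if (count($ids) === 0) {
        // "IN ()" is a syntax error in most SQL dialects; match nothing instead.
        return array("SELECT name FROM my_table WHERE 1 = 0", array());
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = "SELECT name FROM my_table WHERE status = ? AND id IN ($placeholders)";
    return array($sql, array_merge(array($status), array_values($ids)));
}

function fetchNames(PDO $db, $sql, array $params)
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE my_table (id TEXT, name TEXT, status INTEGER)");
$db->exec("INSERT INTO my_table VALUES
    ('A0000-000000000001', 'alpha', 1),
    ('B0000-000000000001', 'bravo', 1),
    ('C0000-000000000001', 'charlie', 0)");

$arrayOfIds = array('A0000-000000000001', 'B0000-000000000001', 'C0000-000000000001');

// The question's approach: the whole quoted list is bound to a single placeholder,
// so the database compares id against one long string and nothing matches.
$joined = "'" . implode("','", $arrayOfIds) . "'";
$broken = fetchNames($db, "SELECT name FROM my_table WHERE status = ? AND id IN (?)", array(1, $joined));

// One placeholder per id: every value stays a separately bound parameter.
list($sql, $params) = buildInQuery($arrayOfIds, 1);
$fixed = fetchNames($db, $sql, $params);

// Empty id list: the helper returns a query that matches no rows.
list($emptySql, $emptyParams) = buildInQuery(array(), 1);
$none = fetchNames($db, $emptySql, $emptyParams);

var_dump($broken, $fixed, $none);
```

Only the `?` markers are ever concatenated into the SQL string; the id values themselves always travel as bound parameters, so the driver's escaping still applies to each one.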
1
$arrayOfIds = array('A0000-000000000001','B0000-000000000001','C0000-000000000001');  

$status = 1;

$sql = "SELECT name FROM my_table WHERE status = ? AND id IN ?";

$query = $this->db->query($sql, array($status, $arrayOfIds));

1 Comment

Instead of just dumping some code, you should explain what this code does, how it's different from the original code and why it solves the problem.
